More

Target Names New Chief Information Officer

NEW YORK (AP) — Target hired a new chief information officer to help overhaul its data security systems in the wake of a massive pre-Christmas data breach.

The Minneapolis-based discounter said Tuesday that it named outsider Bob DeRodes, who has 40 years of experience in information technology and replaces Beth Jacob, who abruptly left in early March. DeRodes has been a senior information technology adviser for the Center for CIO Leadership, the U.S. Department of Homeland Security, the U.S. Secretary of Defense and the U.S. Department of Justice. He will assume oversight of the company’s technology team and operations, effective May 5.

The nation’s third largest retailer also announced that MasterCard Inc. will provide its branded credit and debit cards with the chip-and-PIN technology that will be coming out next year. Some experts say that technology offers more security than traditional magnetic stripes.

“Establishing a clear path forward for Target following the data breach has been my top priority,” Gregg Steinhafel, Target’s chairman, president and CEO, said in a statement. “I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology.”

Target said it’s continuing its active search for a chief information security officer and a chief compliance officer.

Target is still dealing with fallout from a massive breach that has hurt profits and sales and its reputation among shoppers who have been worried about the security of their personal data. The company disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10, it said hackers stole personal information — including names, phone numbers and email and mailing addresses — from as many as 70 million customers.

In the wake of the breach, Target has been making changes, including overhauling some of its divisions that handle security and technology. The company has also been accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

The new payment terminals will be in the stores by September, six months earlier than planned. The company said Tuesday that beginning in early 2015, Target will be able to accept these payments from all of its Target branded credit and debit cards. Existing Visa Inc. cards will be reissued as MasterCard co-branded chip-and PIN cards.

“Target has long been an advocate for the widespread adoption of chip-and PIN card technology,” said John Mulligan, executive vice president, chief financial officer for Target in a statement.

While magnetic strips transfer a credit card number, chip cards use a one-time code that moves between the chip and the retailer’s terminal, resulting in data that is useless except to the parties involved. They’re also regarded as nearly impossible to copy, at least for now.

But naysayers say that the protections chips provide only go so far, noting that they don’t prevent fraud in online commerce, where consumers still have to enter their credit card numbers. Some also point to other technologies as better long-term solutions.

In March, Visa and MasterCard announced plans to bring together banks, credit unions, retailers, makers of card processing equipment and industry trade groups in a group that aims to strengthen the U.S. payment system for credit and debit cards. The initial focus of the new group will be on banks’ adoption of chip cards.

That comes ahead of a liability shift set to kick in in October 2015. When that occurs, the costs resulting from the theft of debit and credit card numbers will in most cases fall on the party involved with the least advanced technology.